In this insight, we look at how a recently developed ‘World Cybercrime Index’ appears to show the globe’s key cybercrime hotspots by ranking the most significant sources of cybercrime at a national level.

Three Years To Develop 

The world-first World Cybercrime Index (WCI) was developed by following three years of intensive research as part of a joint partnership between the University of Oxford and the University of New South Wales (UNSW), funded by CRIMGOV (an EU-supported project). Details of the research and findings were published on PLOS ONE, the Public Library of Science open-access journal.

Why? 

Co-author of the study, Dr Miranda Bruce (University of Oxford and UNSW Canberra) said that the index produced by the study will enable both the public and private sectors to focus their resources on key cybercrime hubs, thereby spending less time and funds on cybercrime countermeasures in countries where the problem is not as significant.

Dr Bruce says that WCI will also “help remove the veil of anonymity around cybercriminal offenders, and we hope that it will aid the fight against the growing threat of profit-driven cybercrime.” 

Deeper Understanding 

It’s also hoped that having an index of this kind will bring a “deeper understanding of the geography of cybercrime” and shows how different countries specialise in different types of cybercrime. Continuing to collect such data may also enable monitoring of the emergence of any new hotspots, meaning that interventions could be made in at-risk countries “before a serious cybercrime problem even develops.” 

This WCI can also inform policymakers for better resource allocation in combating cybercrime effectively.

What Is The Index and How Does It Work? 

The World Cybercrime Index (WCI) was developed to provide a comprehensive ranking of countries based on their cybercrime threats and vulnerabilities. The methodology of the WCI involved surveying 92 leading cybercrime experts globally. The experts assessed five categories of cybercrime: technical products/services, attacks and extortion, data/identity theft, scams, and cashing out/money laundering. They then nominated the countries they deemed the most significant sources of each type and rated these countries based on the impact, professionalism, and technical skill of their cybercriminals.

By analysing these expert opinions, researchers were able to generate scores for each category, combining them into an overall metric to create the WCI.

Which Countries? 

The index shows that a relatively small number of countries house the greatest cybercriminal threat. Topping the list is Russia, followed by Ukraine, China, the USA, Nigeria, and Romania, with the UK coming in at number eight.

Invisible Before – Index Is A First Step 

Co-author of the WCI, Associate Professor Jonathan Lusthaus, from the University of Oxford’s Department of Sociology and Oxford School of Global and Area Studies, has highlighted how getting information from surveys about cybercrime has been challenging up until now because offenders often mask their physical locations by hiding behind fake profiles and technical protections.

The index, therefore, is being seen as a valuable first step to a broader aim of understanding the local dimensions of cybercrime production across the world.

For example, co-author of the study, Professor Federico Varese from Sciences Po in France says: “Many people think that cybercrime is global and fluid, but this study supports the view that, much like forms of organised crime, it is embedded within particular contexts”. 

What Does This Mean For Your Business? 

This index appears to follow ‘Pareto’s Principle’, in that the majority of output(s) can be attributed to a minority of input(s) … commonly known as the 80/20 law. For example, 80% of people only use 20% of their computers’ features, or 80% of profits come from 20% of clients.

The development of the World Cybercrime Index (WCI) could have significant implications for businesses across the globe. Understanding the key cybercrime hotspots and the nature of cyber threats they pose may enable businesses to better protect themselves and allocate resources more efficiently.

By highlighting the countries that are the most significant sources of cybercrime, the WCI could help companies operating in or dealing with these regions to take more stringent cybersecurity measures. Being aware of these hotspots may, therefore, enable businesses to more accurately focus their cybersecurity investments on the most pressing threats and on mitigating risks more effectively.

The index’s detailed breakdown of cybercrime categories, e.g. technical products/services, attacks and extortion, data/identity theft, scams, and cashing out/money laundering, also provides businesses with insights into specific types of cyber threats they might face. This granular understanding could help tailor cybersecurity strategies to address the most relevant threats, enhancing overall resilience against cyber-attacks.

Also, the WCI may serve as a valuable tool for policymakers, influencing regulations and cybersecurity frameworks that businesses must comply with. By aligning corporate cybersecurity policies with national and international regulations informed by the index, businesses may be able to ensure they are not only compliant but also optimally protected. This proactive approach could prevent legal and financial repercussions associated with data breaches and cyber-attacks.

As part of the NGI TrustChain initiative, 15 startups have been awarded €1.8 million in funding to use blockchain to tackle online misinformation, fraud and fake identities.

What Is Blockchain? 

Blockchain technology (first released in 2009 and the technology behind Bitcoin) is the decentralised digital ledger system that securely records transactions across multiple computers, ensuring transparency, security, and immutability without the need for a central authority.

What Is The NGI TrustChain Initiative? 

The NGI TrustChain initiative is part of the Next Generation Internet (NGI) programme, aimed at developing a more secure, trustworthy, and decentralised internet. It focuses on using blockchain and distributed ledger technologies to enhance online privacy, data security, and trust. The initiative involves collaboration between a variety of stakeholders, including research institutions, technology developers, and industry experts, all working together to foster innovation and improve the internet’s security, privacy, and trustworthiness.

One of the key aims of the initiative is to protect human rights and democratic processes in online spaces, both of which are threatened by misinformation and fake identities, e.g. through distorted information, manipulation, or weaponisation.

The 15 Startups

The 15 startups were selected from a pool of 162 applicants who responded to an ‘open call-out’ by NGI TrustChain in February 2023. Each of the chosen 15 startups will receive up to €117,000 in funding. The NGI TrustChain initiative has provided over €4.5 million in funding to 43 companies to date.

Who, Where, and What? 

The winning startups are from 10 European countries including the UK, Netherlands, Germany, France, Spain, and Greece. Their blockchain-based solutions of the 15 range from cryptography and data aggregation platforms to open-source IT tools and Web3 computing.

It’s been reported that the startup chosen from the UK is SecureOpinion, which has used blockchain technology to create a secure platform for sharing public opinions on social media, promoting trust and transparency.

As for the reason for the funding of the startups, Dr Rajarajan Muttukrishnan, core team member of TrustChain and Professor and Director of the Institute of Cyber Security at City, University of London says: “misinformation and deepfakes are inescapable in this time of elections and conflicts. We’re funding blockchain and other tamper-resistant technologies from top new startups to increase trust in democracy”. 

Dr Muttukrishnan  points to the value of using blockchain to authenticate online material, saying: “The ability to validate the images and text to prove the authenticity of the media files will help to protect against malicious content utilised for propaganda, political gain or other malicious activities online such as radicalisation, online harm, and terrorism.” 

What Does This Mean For Your Business? 

The EU’s funding of 15 startups through the NGI TrustChain initiative presents significant opportunities for businesses aiming to enhance their digital security and credibility. By integrating blockchain technology, companies can benefit from unparalleled transparency and security in their online operations. This is particularly crucial in an era where misinformation and digital fraud pose substantial risks to both reputation and operational integrity, particularly when 2024 is such a key election year (combatting deepfakes and political misinformation).

For businesses, the adoption of blockchain solutions can lead to more robust verification processes, ensuring that all transactions and interactions are secure and tamper-proof. This is not only essential for protecting sensitive information but also for building and maintaining customer trust. As consumers become increasingly aware of digital threats, demonstrating a commitment to security and transparency can distinguish your business from competitors.

Also, the innovative solutions being developed by these startups, such as SecureOpinion’s platform for verifying public opinions, highlight the practical applications of blockchain beyond financial transactions. Businesses across various sectors can leverage these technologies to safeguard against misinformation, ensuring that the information disseminated and received is accurate and trustworthy. This is especially relevant for companies involved in media, communications, and any field where the authenticity of information is paramount.

By staying ahead of the curve and investing in blockchain technology, businesses can not only protect themselves from the growing threats of online misinformation and fraud but also position themselves as leaders in digital innovation. This proactive approach can enhance a business’s reputation, foster customer loyalty, and ultimately contribute to long-term success in the digital age.

The UK’s National Crime Agency (NCA) has shut down a global call-spoofing operation called ‘Russian Coms’ which is believed to have been used to swindle more than 170,000 victims.

Russian Coms 

Russian Coms is the name of the major caller ID spoofing platform used by criminals to make over 1.8 million fraudulent calls to victims in 107 countries, including the UK, US, New Zealand, Norway, and France. Started in 2021, the platform is believed to have been responsible for financial losses amounting to tens of millions of pounds. It was the Russian Coms platform itself that was shut down by the NCA.

What Is Call Spoofing / ID Spoofing? 

Call spoofing, also known as ID spoofing, is a technique used to falsify the information displayed on the caller ID screen of the recipient’s phone. In other words, it allows the caller to appear as though they are calling from a different number. Criminals can, therefore, display the actual number of the victim’s bank or a government agency, thereby deceiving the recipient into answering the call or divulging sensitive information.

Criminals Paid For Months of Call Spoofing Features 

In the case of the Russian Coms platform, criminals were paying to use the Russian Coms platform to enable them to conduct ID spoofing activities, e.g. they were paying the Russian Coms administrators between £1,200 and £1,400 in cryptocurrency (for anonymity) for a six-month contract use the platform. This provided the criminals with services such as a smartphone (or, more recently, a web app) encrypted calls, web phone capabilities, instant handset wipes, voice-changing features, international calls, and 24/7 support. These features allowed them to spoof the phone numbers of banks or financial institutions, to gain the trust of their victims before stealing money and personal details.

Example 

An example of the kind of ID Spoofing crime committed using the platform was the criminal using the platform’s services would spoof the phone number of a bank (e.g. call a victim pretending to be from their bank) and deceive them into transferring their money to a new account by claiming that fraudulent activity had been noticed in their current account.

London, Not Russia 

In fact, despite the name of the platform, the two men suspected of being the platform’s developers and administrators (aged 26 and 28), were arrested in Newham, London, back in March. A third man, also 28 years old, suspected of being the handset courier, was arrested in April, and last week, one of the many hundreds of scammers thought to have used the platforms services was arrested in Potters Bar.

Handsets pre-loaded 

The smartphone-style handsets provided to scammers as part of the Russia Coms service are reported to have been preloaded with fake apps to fool law enforcement, a VPN to hide the scammer’s IP address, and a ‘burn app / burner app’ that could be used to wipe the handset instantly if needed.

How Much? 

The NCA has reported that between 2021 and 2024, the criminal users of Russian Coms made 1.3 million+ calls to 500,000 unique UK phone numbers, and the average reported loss of victims was more than £9,400.

Bailed 

Although the 3 men arrested in the UK suspected of being associated with the operation of Russian Coms have been bailed, it’s understood that a global operation is now under way to track down the many hundreds of criminals who used the platforms services.

What Does This Mean For Your Business? 

The shutting-down of the Russian Coms operation by the UK’s National Crime Agency (NCA) is a reminder of the evolving sophistication of cyber threats that individuals and businesses face today. For businesses, it’s a reminder of the pressing need to remain vigilant and proactive in their cybersecurity measures and of the importance of implementing robust security protocols to safeguard sensitive information.

It’s also a reminder to businesses to ensure that their employees are trained to recognise phishing and spoofing attempts, as these are common methods used by cybercriminals to gain unauthorised access to company and customer data. Regular training sessions and updated cybersecurity policies can help mitigate these risks.

Businesses should also consider investing in advanced security technologies such as multi-factor authentication, end-to-end encryption, and anti-spoofing measures. These tools can provide an extra layer of security, making it more difficult for cybercriminals to impersonate trusted entities and deceive employees or customers.

The case of Russian Coms also highlights the significance of monitoring and reporting suspicious activities. Prompt reporting to authorities can aid in the swift takedown of fraudulent operations and protect other potential victims. Establishing a clear protocol for employees to report suspicious communications can enhance the overall security posture of the organisation.

Also, the financial implications of cyber fraud cannot be overstated. With reported average losses exceeding £9,400 per victim, the cumulative impact on affected businesses and individuals can be devastating. Therefore, it is crucial for businesses to have comprehensive insurance policies that cover cyber-related incidents and potential financial losses.

The dismantling of Russian Coms appears to be a victory for law enforcement but also a wake-up call for businesses worldwide. By adopting stringent cybersecurity measures, educating employees, and staying vigilant, businesses can better protect themselves against the ever-present threat of cybercrime. The proactive steps taken today can prevent costly breaches and preserve the trust and integrity that are vital to a company’s success.

Following concerns about AI companies scraping data from the web to train their AI models, Apple has sought to present itself as being a better and more ethical AI provider by highlighting how the training and development of its AI models have been done responsibly.

Apple Intelligence 

At its 2024 Worldwide Developers Conference, the tech giant introduced its Apple Intelligence, a personal system for integration with iOS 18, iPadOS 18, and macOS Sequoia. However, Apple also recently announced that it will be using its own AI models alongside OpenAI’s technology to power its generative AI tools in iOS 18. OpenAI, for example, has been accused of scraping data from the web to train its models, e.g. using its ‘GPTBot’ crawler, although it says it curates data from diverse sources (which may include the web) in compliance with legal and ethical guidelines.

Apple, therefore, has sought to head-off accusations and clarify details about its own AI model training sources in a report it published about its Apple Foundation Model (AFM)-on-device, and AFM-server. Although Apple uses its own Applebot web crawler to get data from the web (which websites can opt-out of), in the report, Apple says it has “created Responsible AI principles to guide how we develop AI tools, as well as the models that underpin them”. It also says its pre-training data comes from “a diverse and high-quality data mixture” (no private Apple user data) and stresses its “extensive efforts” to “exclude profanity, unsafe material, and personally identifiable information from publicly available data”, and its “rigorous decontamination” of data.

The latest ‘Barclays Scams Bulletin’ highlights how more romance scams took place in July last year than any other month, as Barclays warns those looking for love to remain vigilant to potential scams. It also highlights how men appear more likely to fall victim to romance scams, while women lose 2.5 times as much money as men in romance scams.

The research figures featured in the report from Barclays show that one in three singletons (34 per cent) is more open to dating in the summer months, which may account for why July accounted for 12 per cent of all romance scam claims last year.

Kirsty Adams, Fraud and Scams Expert at Barclays, also points out where these scams are most prevalent, saying: “Social media platforms and dating apps are by far the biggest sources of romance scams, which is no surprise considering how the dating landscape has changed over the years”. 

Barclays says the advice for anyone who has been targeted is to “report it to their bank and to open up to family and friends for emotional support”.

Newcastle University researchers have reported developing a new ambient-energy-driven membrane that can pump carbon dioxide out of the air.

A First – Like A ‘Water Wheel On A Flour Mill’ 

As Dr Greg A. Mutch (Royal Academy of Engineering Fellow in the School of Engineering, Newcastle University) explains, his team has demonstrated “the first synthetic membrane capable of capturing carbon dioxide from air and increasing its concentration without a traditional energy input like heat or pressure”. 

Dr Mutch has likened the membrane’s ambient-energy power source to a “water wheel on a flour mill” because “whereas a mill uses the downhill transport of water to drive milling, we use it to pump carbon dioxide out of the air.” 

How & Why? 

The membrane was developed as part of tackling the challenges posed by the separation process in ‘direct air capture’, a technology that removes carbon dioxide directly from the atmosphere using chemical processes. With carbon dioxide being the main contributor to climate change (we release ~40 billion tons into the atmosphere every year), it’s hoped that alongside transitioning to renewable energy and traditional carbon capture from point sources like power plants, direct air capture can be used to help reduce atmospheric carbon dioxide levels. This could help mitigate climate change and help meet climate targets, e.g., the 1.5 °C goal set by the Paris Agreement.

Challenges 

The Newcastle University researchers (along with colleagues from 5 other universities) set out to tackle two challenges in the dilute separation processes of direct air capture. These were:

1. Due to the low concentration, the kinetics (speed) of chemical reactions targeting the removal of the dilute component are very slow.

2. Concentrating the dilute component requires a lot of energy.

The newly developed membrane meets both challenges because it doesn’t need traditional energy input like heat or pressure to operate (it just uses the energy from a humidity difference), and technologies such as X-ray micro-computed tomography and molecular scale modelling created a membrane where reaction could happen quickly. Another key aspect of the membrane’s performance is that it has ‘carriers’ within it that uniquely transport both carbon dioxide and water but nothing else.

The Importance of Separation Process Like Direct Air Capture 

With direct air capture being cited as one of the “seven chemical separations to change the world” (David S. Sholl & Ryan P. Lively – Nature.com), improving the process with a new membrane should be seen as an important step forward.

In fact, as highlighted by Newcastle University, “separation processes underpin most aspects of modern life” e.g., most food, fuels, and medicines have been through separation processes and in a world moving towards a circular economy, separation processes will become even more critical. For example, “direct air capture might be used to provide carbon dioxide as a feedstock for making many of the hydrocarbon products we use today, but in a carbon-neutral, or even carbon-negative, cycle”. 

What Does This Mean For Your Organisation? 

The development of this new ambient-energy-driven membrane, led by Newcastle University researchers, could mark a significant breakthrough in the field of sustainability, particularly in carbon capture technology. For businesses, this advancement could have profound implications across multiple dimensions. For example, companies that are striving to meet sustainability targets and reduce their carbon footprint could benefit greatly from incorporating this new technology. Traditional carbon capture methods are often energy-intensive and costly, presenting barriers to widespread adoption. However, the membrane’s ability to function without conventional energy inputs like heat or pressure makes it a cost-effective and environmentally friendly option. This can help businesses achieve their climate goals more efficiently and at a lower cost.

Also, industries heavily reliant on hydrocarbon products now have a promising pathway to transition towards a circular economy. The membrane’s capacity to capture and concentrate carbon dioxide from the air means that CO2 can be used as a feedstock for manufacturing various products. This not only aids in reducing atmospheric CO2 levels but also provides a sustainable source of raw materials, thereby fostering innovation in product development and reducing dependence on fossil fuels.

The membrane’s utilisation of ambient energy also aligns with the growing trend of leveraging renewable energy sources. Businesses could integrate this technology with existing renewable energy infrastructures, such as solar or wind, to further enhance their sustainability initiatives. This synergy may be able to amplify the impact of their environmental efforts, contributing to a more sustainable future.

The membrane innovation could also open up new opportunities for investment and collaboration. Companies in the tech and industrial sectors may want to partner with research institutions like Newcastle University to further refine and commercialise this technology. Such collaborations could lead to the development of customised solutions tailored to specific industrial needs, driving growth, and fostering a competitive edge in the market.

This groundbreaking membrane technology, therefore, not only addresses critical environmental challenges but also offers a myriad of business advantages. From cost savings and new product innovations to enhanced sustainability and collaborative opportunities, businesses may stand to gain significantly by adopting this cutting-edge solution (or others like it). As we move towards a greener economy, staying ahead of such technological advancements will be crucial for long-term success and sustainability.